The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jan. 07, 2025
Filed:
Jun. 12, 2024
Endor Labs Inc, Palo Alto, CA (US);
Henrik Plate, Valbonne, FR;
Dimitrios Styliadis, San Jose, CA (US);
Alexandre Wilhelm, Kilauea, HI (US);
Endor Labs Inc, Palo Alto, CA (US);
Abstract
A non-transitory computer-readable media, method and server for detecting and addressing vulnerabilities in a third-party code are described. In some examples, a server receives a security advisory that includes a description of a vulnerability and accesses a version control system (VCS) used by a third-party library to determine additional resources related to the vulnerability. The server determines a set of code changes performed by the project maintainers in the VCS, identifies one or more fix commits that address the vulnerability, and identifies one or more functions with the vulnerability that have been changed by the fix commits. The server performs a search for components and component versions that include the one or more functions with the vulnerability and generates an enriched vulnerability description that includes identifiers of package versions that include fixed versions of the one or more functions and vulnerable version of the one or more functions. Project code in a development system is modified to use the fixed versions of the one or more functions.